Manage your profile
This page shows your user information and (if your user role has the relevant permissions)
your tenant details and your subscription. You can change your own information and your tenant
details, and buy a subscription.
You can also watch the tutorial
video.
Profile
You can change your personal profile and preferences:
- Name - change your name. Please note that you can't change your own email
address, as this can only be done in Manage - Users.
- Mobile phone - your mobile phone number, including your country code. Phone
numbers must be between 9 and 16 digits. This is also used for system notifications by SMS.
- Dates, numbers, and periods - select how you want dates, numbers, and
periods to be visually displayed in reports and models (watch the tutorial video).
- Theme - select between the standard color scheme, the light color scheme,
or the masked theme. The masked theme will mask (hide) all amounts in reports, models,
charts, and data sets. This special theme is suitable for demonstration and training
sessions, so you can show the application without displaying any amounts.
- Email me on imports - select if you want to be emailed when selected
data sets have newly imported data within the past 24 hours.
- Show tips - select if you want to see tooltips, hints, suggestions, or the
guided tour whilst you navigate through XLReporting. Tooltips are small ⓘ icons that
show extra information when you hover over them.
Tenant details
If your user role has Edit tenant permission, you can also change the company
details of your tenant:
- Company name and address - enter or edit your company address details.
- Currency - set the default currency. You can deviate from this in reports.
- Your logo - enter the URL to an image file. This image will be displayed as
the logo. You can copy the address of a web-based image file by right-clicking on the
relevant webpage in your web browser and selecting "Copy image address".
- Color - you can assign a default color for the page header. Optionally, you
can define a different color for each group of items. This makes user navigation more
intuitive.
- Security options - select optional security options for your tenant. Please
read the next paragraph for detailed explanations.
- Global settings - define optional global settings that you can lookup in
any import, report, or model using the SETTING function.
Security options
If your user role has Edit tenant permission, you can also change the security
options for your tenant, which will apply to all your users:
- Enforce MFA login - Multi-Factor-Authentication (MFA) creates an extra
level of security when logging into XLReporting. In addition to email and password, users
will be prompted to enter a code that is displayed on their mobile device. They can use any
(OTP-based) mobile app such as Google Authenticator, Microsoft Authenticator, Twilio Authy,
LastPass etc. By default, each user can decide whether or not to activate
MFA. However, if you want to make it mandatory for your tenant, you can enable this
option, which will prompt all your users to activate MFA (if necessary) the next time they
login. This ensures optimal MFA usage, even for users that have access to multiple tenants.
- Enforce same domain - when enabled, this will require the email address
of new users to be in the same domain(s) that are already currently in use. For example, if
your current users have "@mycompany.nl" and "@mycompany.com" email addresses, all new users
have to be in either of those 2 domains. Whenever you want to add a domain, you can
temporarily disable this setting, create a new user with the new domain, and then
enable this setting again.
- Enforce Single Sign-On - in addition to logging in with username and
password, users can also login via an external Single Sign-On system (see
Single Sign-On). Both routes can co-exist, because XLReporting is
multi-tenant. If you want single sign-on to be the only permitted route for
your tenant, you can enable this option, which will remove features such as self-service
password resets.
- Disable external dashboards - by default, dashboards can be published to
external people who are not registered users within XLReporting (read more). If you don't want your users to be able to
do this, you can disable that feature here for your tenant.
- Disable defined scripts - by default, scripts can be created when defining
objects. Scripts are small pieces of code that can perform automated and repetitive
tasks, but they carry some risk. If you don't want your users to be able to define scripts,
you can disable that feature here for your entire tenant. This will also prevent execution
of scripts that have already been defined.
✭ Notes:
- When you are enforcing MFA, users without MFA activated will be prompted to activate MFA
every time they login (if necessary), but they can still decide to postpone this action.
This is by design to avoid problems where users can no longer access the system.
Therefore, you should manually review the adoption of MFA amongst your users, and decide
appropriate actions for users that keep postponing MFA.
- You can use the option Actions - Review users and roles to review the
MFA login status (and SSO login status) of each of your users. You can use the option
Actions - Review this tenant to see the login and activity history of
each of your users.
You can also watch the tutorial
video.
Global settings
Global settings enable you to define settings for your tenant, either just by name or as a
"name=value". You can lookup these settings with the SETTING function in your imports,
reports, and models. This function returns true or false if the given setting exists in the
tenant, or its value if you used "name=value". See the SETTING
function for more details.
Please note that global settings are case-sensitive. It is best to avoid using spaces.
Subscription
This section is only visible if your user role has Edit settings
permission, and deals with your contractual agreement with us and your right to use our
services:
- Your current subscription - this shows your current subscription plan and
how much data you are currently using. We apply a "Fair Use" policy, but if you are
structurally exceeding your subscription storage, you need to upgrade your subscription
plan. Please contact us for any questions you may have.
- Accept our Service Agreement - we kindly ask you to read our Service
Agreement, and tick this box to indicate that you accept it. The agreement outlines
important things about our obligations as Provider, your rights as Customer, and the
measures we take to protect your data.
Please note that you must accept the
agreement before you can fully use your subscription.
Click
here to read the agreement in full.
- Close your tenant - we surely hope you'll never need this option, but if
you must, then here it is. Your tenant will be closed immediately, and all data will be
automatically deleted after 5 days. If you regret your decision, please contact us within 5 days.
- Your subscription - click on any of the product boxes to upgrade (or
downgrade) your subscription plan. You'll be taken through a payment process with our
partner Stripe Inc to process your payment. You can opt for monthly or annual subscriptions.
Single Sign-On (SSO)
XLReporting has its own user management based on username and password, with optional "Multi
Factor Authentication" (MFA).
We also support "Single Sign-On" (SSO) which delegates
the user authentication and login to an external identity provider that supports the OpenID
Connect protocol. This gives you a single and unified management of all your users. You can
connect with the following providers:
- Auth0 - a flexible solution
for authentication and authorization of users.
- Okta - a secure identity cloud that links
all your apps, logins and devices into unified user management.
- WorkOS - a single integration that
enables your application to support SSO for the most popular identity providers.
- Azure
AD - an enterprise identity service provides single sign-on, multifactor
authentication, and conditional access.
- SecureLogin - a single sign-on
solution for accounting firms and their clients.
- SurfConext - a
single sign-on solution for education and research institutions.
- Any OpenID Connect provider - XLReporting
uses the leading oAuth2 OpenID protocol, which is used by most identity providers.
Please contact us for details on SSO configuration, as we will need to coordinate this with your
own IT team. You can read more details here.
Actions
You can use the Save and Actions buttons in
the right-top of the screen:
These buttons enable you to do the following:
- Save - save your changes (or Ctrl+S)
- Actions - open a dropdown menu with further options:
- Change my password - passwords must be at least 12
characters using a combination of lowercase and uppercase letters, numbers, and
symbols. We highly recommend that you use a Password Manager to generate and
remember the password for you.
- Change my MFA - when activated, this creates an extra
level of security when logging into XLReporting. In addition to email and password,
you will be prompted to enter a code that is displayed on your mobile device. You
can use (TOTP-based) mobile app such as Google Authenticator, Microsoft
Authenticator, Twilio Authy, LastPass etc. If you have problems logging in with
Multi-Factor-Authentication (MFA), or if you have lost your MFA device, you can contact us. We can reset your MFA only after approval
from your tenant administrator.
- Change my API access - when activated, you can retrieve data from (and import data
into) data sets through the XLReporting API. For example, you can send data directly
from another system or database into XLReporting without having to go through the
web pages. Or you can retrieve data from XLReporting directly into another system.
You need to provide an API token with all requests. API tokens are valid for 360
days, and you can revoke or renew them at any point in time.
- Transfer objects - this option is only visible if your user role has Transfer
objects permission, and enables you to export the configuration of your
objects to a file, for (re)import at any later point in time, or import into another
tenant.
- Refresh sandbox - this option is only visible if your user role has Edit
tenant permission AND you are logged into a Sandbox
tenant (which is a separate copy of your live tenant). This option enables
you to refresh all configuration and data in your sandbox tenant based on your live
tenant.
- Review my activity - this option shows your own recent activity.
- Review this tenant - this option is only visible if your user role has Edit
tenant permission, and shows your tenant configuration and recent
activity.
- Review users and roles - this option is only visible if your user role has Edit
tenant permission, and shows the permissions of user roles.
- Manage clients - this option is only visible if you are a XLReporting partner
and your user role has Manage clients permission. It enables you to
view your client tenants, and to manage, review, create and update all defined
objects, user roles, and users into your clients. See Manage
clients for more detail.
- Switch tenant - this option is only visible if you have access to more than one
tenant, and it enables you to switch between those tenants without having to login
again.
✭ Notes:
- All above actions and settings in your profile are specific for each tenant that you
have access to, with exception of your password and MFA login. These apply to you across
all tenants that you have access to.
Password
XLReporting only accepts strong passwords of minimum 12 characters using a
combination of lowercase and uppercase letters, numbers, and symbols. We do this in
accordance with the OWASP guidelines for secure web applications.
Passwords are set to automatically expire after 180 days.
You can renew your password anytime you wish.
We highly recommend that you use a Password Manager to generate and remember the password for
you.
MFA and API tokens
You can activate Multi-Factor-Authentication (MFA) and a API access token using the
Actions menu:
✭ Notes:
- We do not provide fallback codes for MFA. If you have problems logging in with
Multi-Factor-Authentication (MFA), or if you have lost your MFA device, you can contact us. We will reset your MFA only after
approval from your tenant administrator.
- Be cautious when you enable API access. Only do this when you are really using API
calls and always use the "principle of least privilege".
- API tokens are valid for 360 days, but will expire immediately when you revoke or renew
your token, or when your API permissions or user account are deleted.
- You will be timely notified by email when your token is due to expire.